Engineering Manager, Application Security

About the position As the Application Security Engineering Manager, you will build and lead True Anomaly's application security team, focusing on securing the most critical software in our portfolio—flight software that operates on-orbit and command and control (C2) systems that enable mission success. This is a unique opportunity to shape the future of application security for national security space systems, building a team from the ground up while establishing the processes, tools, and culture that will secure our spacecraft and ground operations. In this role, you will have significant autonomy to recruit and develop a world-class application security team over the coming year. You will define application security strategy, integrate security throughout the software development lifecycle, and create the foundation for a security program that meets the unique demands of flight-critical and mission-critical systems operating in contested environments. This is an ideal role for a technical leader who thrives on building teams, wants to leave their mark on cutting-edge space technology, and is energized by the opportunity to solve challenging security problems at the intersection of embedded systems, real-time software, and cloud-based command and control. This position requires a minimum Secret clearance with strong preference for active TS/SCI clearance or the ability to obtain and maintain TS/SCI. Responsibilities • Build, lead, and mentor an application security engineering team scaling to 10+ engineers over the next year, fostering a culture of technical excellence, collaboration, and mission focus • Define and execute application security strategy for flight software (FSW), ground command and control systems, mission planning applications, and supporting cloud infrastructure • Integrate security throughout the software development lifecycle (SDLC) for safety-critical embedded systems and distributed C2 applications, balancing security requirements with real-time performance and operational constraints • Establish and mature secure development practices including threat modeling, secure code review, static/dynamic analysis (SAST/DAST), software composition analysis (SCA), and security testing for both flight and ground software • Lead application security assessments and penetration testing efforts for spacecraft flight software, telemetry and command systems, and ground-based mission applications • Partner with spacecraft software engineers, ground systems developers, DevSecOps, and mission operations teams to embed security expertise across the engineering organization • Develop and enforce security standards, coding guidelines, and architectural patterns appropriate for resource-constrained embedded systems and high-assurance C2 applications • Drive remediation of security vulnerabilities and work with engineering leadership to prioritize security initiatives alongside feature development and mission timelines • Support compliance requirements including NIST 800-53, CMMC, FedRAMP, and other federal security frameworks applicable to national security space systems • Communicate application security posture, risks, and strategic initiatives to technical teams, engineering leadership, and executive stakeholders Requirements • 8+ years of hands-on experience in application security, secure software development, or related security engineering roles • 3+ years of people management experience, including hiring, coaching, performance management, and team development • Minimum Secret clearance required; active TS/SCI clearance strongly preferred • Proven experience building or significantly scaling application security programs and teams • Deep expertise in secure software development practices across multiple programming languages (C, C++, Rust, Python, Go, or similar) • Strong understanding of embedded systems security, real-time operating systems (RTOS), and resource-constrained environments • Experience with application security testing tools and methodologies including SAST, DAST, SCA, fuzzing, and penetration testing • Strong knowledge of common vulnerability classes (OWASP Top 10, CWE Top 25) and secure coding practices • Understanding of software supply chain security, dependency management, and build pipeline security • Familiarity with cloud application security in AWS, GCP, or Azure environments • Excellent leadership, communication, and stakeholder management skills • This position requires a minimum Secret clearance Nice-to-haves • Active TS/SCI security clearance • Experience securing flight software, spacecraft systems, autonomous vehicles, or other safety-critical embedded platforms • Background in aerospace, defense, or national security software development • Familiarity with space system architectures including satellite operations, ground segments, and telemetry/command protocols • Experience with CMMC, FedRAMP, NIST 800-53, or RMF processes for DoD/IC systems • Experience with containerization security (Docker, Kubernetes) and Infrastructure-as-Code security • Understanding of cryptographic implementations and secure communications protocols • Relevant certifications such as CISSP, CSSLP, GWAPT, OSCP, or similar • Experience participating in or leading red team/purple team exercises • Prior experience in fast-paced startup or high-growth environments Benefits • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave